Debreach: Mitigating compression side channels via static analysis and transformation

Brandon Paulsen, Chungha Sung, Peter A.H. Peterson, Chao Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks in that they either degrade compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, a static analysis and program transformation based approach to mitigating compression side channels. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate data before feeding them to the compressor. Second, it enhances the compressor to exploit the freedom to not compress of standard compression protocols, thus removing the dependency between sensitive data and the size of the compressor's output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.

Original language: English (US)
Title of host publication: Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 899-911
Number of pages: 13
ISBN (Electronic): 9781728125084
DOIs
State: Published - Nov 2019
Event: 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 - San Diego, United States
Duration: Nov 10 2019 to Nov 15 2019

Publication series

Name: Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

Conference

Conference: 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019
Country: United States
City: San Diego
Period: 11/10/19 to 11/15/19

Bibliographical note

Funding Information:
This work was partially funded by the U.S. National Science Foundation (NSF) under the grant CNS-1617203 and Office of Naval Research (ONR) under the grant N00014-17-1-2896.

Publisher Copyright:
© 2019 IEEE.

Keywords

  • Automated Defect Repair
  • Data Privacy
  • Program Synthesis and Transformations
  • Side Channel
